Did you get a fair and just outcome from your last audit?
A vendor audit playbook and audit defence process won’t guarantee that you’re compliant, but it will ensure that everyone has clarity regarding what is expected of them and how the audit will be run.
We all know how painful audits can be, but there are ways to minimise the pain and maximise your ability to achieve a fair and just outcome. Having a vendor audit playbook and audit defence process won’t guarantee that you’re compliant, but it will ensure that everyone has clarity regarding what is expected of them and how the audit will be run. It will also help you set expectations with the auditor themselves when negotiating critical elements such as the scope and non-disclosure agreements before the audit actually commences.
We’re running a software audit defence masterclass on the 14th and 21st July, where we’ll help you define an audit playbook and defence process that works for YOUR organisation.
But we know justifying training can be hard, so here are our thoughts on what you might put into a business case to persuade the powers that be that you should be on the course!
Our company’s management of software vendor audits to date has been reactive and ad hoc. The impact of this is that the way we perform software vendor audits leads to significant disruption for the technical and other teams involved in the audit. The results of our audits are often seen to be ‘unfair’ or ‘unjust’ because we have struggled to pull together the evidence for what software we own and what software we are using, and it has been challenging to close out our audits within a reasonable timeframe, resulting in frustration and audit fatigue for everyone involved.
Furthermore, our inability to produce timely and accurate compliance reports undermines the forecasting requirement of the procurement team when it comes to negotiating audit settlements, and indeed, when negotiating new contracts in general. Knowing what we have in place, any risks or issues, and what software we will need in the next 2-3 years, is vital to strike the best possible deal.
Many of these issues could be resolved by developing a formal software vendor audit playbook and software vendor audit defence process.
The SAM team propose developing a software vendor audit playbook and vendor audit defence process. This will:
- Document the process we will follow when performing a vendor audit
- Define a set of ‘policies’ that we will follow during a vendor audit to help us agree with the auditor the process and conditions under which the audit will be performed
- Clarify internal roles and responsibilities when engaging with vendors and / or their agents when performing an audit
The vendor playbook will ensure that everyone is clear about how the audit will be run and the expectations that will be placed upon them. It will also ensure that we are consistent in our approach to audits and the conditions under which we will run a software vendor audit. This will help us when engaging with the auditors themselves and negotiating critical elements such as the scope and duration of the audit.
OPTIONS & RECOMMENDED APPROACH
Do Nothing: This will leave our company relying on our existing level of knowledge to tackle future audits.
Pros: There is no direct cost associated with this option
Cons: It is likely that we will continue to struggle to respond effectively to vendor audits.
Create the playbook in house: This option is reliant on our internal knowledge regarding audit best practice and information available on the internet.
Pros: There is no direct cost with this option
Cons: While the SAM team have a solid understanding of the theory behind audit defence best practice, they do not have a best-practice framework within which to design the vendor audit defence playbook. Information available on the internet is ad hoc and lacks authority. The SAM team will need to expend significant time and resource identifying the gold from the dross without necessarily feeling confident they have access to genuine best practice.
Formal training: Audit defence training is available either on-demand or through in-person virtual workshop style training.
In-person virtual training (ITAM Accelerate) – This workshop-based virtual training is running on the 14th and 21st July. The workshop will provide focused training and templates designed to allow the SAM team to define a process and playbook with software asset management experts.
Pros: The workshop format allows us to ask questions and engage in discussion with the trainers and fellow students to give us a deep understanding of how to build a process and playbook that is adapted to our own organisation. We will also receive best practice templates that can be adapted for use when we create our own process and playbook.
Cons: there is only one public course currently scheduled.
We will still need to spend time tailoring the templates to our own organisation, as well as socialising and obtaining approval for the final documents.
Price: GBP500pp plus VAT (if applicable)
Pros: Training is not time or workshop dependent and can be completed at our own pace.
Cons: the course is self-directed and while it provides a best-practice audit-defence framework, the SAM team would still need to create the playbook and process from scratch, applying theory to practice without any guidance beyond that provided by the on-demand course.
Price: £xxx pp
External consultancy: We could engage our SAM partner or other external consultant to work with us to write a vendor audit playbook and process tailored to our organisation.
Pros: we can be confident that the playbook would be current best practice and the playbook and associated processes would be documented for us, reducing internal resource requirements.
Cons: this is an expensive option.
Price: £4,500 plus VAT
The SAM team enrol on the ITAM Accelerate Software Vendor Audit defence workshop scheduled on 14th & 21st July.
Total cost: £500pp for x students = £xxx
While the training course will enable us to draft our own software vendor audit playbook, realising the benefits of the playbook during a vendor audit will depend on the following:
- Senior management sponsorship to invest the time and resource to create the software vendor audit playbook and have it approved by the senior leadership team
- Attendance at team meetings to explain the playbook and process to tech teams to ensure they are aware of their roles and responsibilities during an audit.
Hopefully this business case will help persuade your senior managers that you REALLY need a vendor audit playbook and that our masterclass is a cost effective way way to achieve this!
If you want to find out more or wish to enroll on the course, then please get in touch!